{"id":11282,"date":"2022-04-16T01:06:03","date_gmt":"2022-04-15T22:06:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=11282"},"modified":"2022-04-16T01:06:03","modified_gmt":"2022-04-15T22:06:03","slug":"hackerlar-ziyanli-yazilimlar-icin-wav-evraklarini-kullaniyor","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=11282","title":{"rendered":"Hackers Are Using WAV Files for Malware"},"content":{"rendered":"<p>Hackers who want to get hold of people's data and use it to their own advantage turn up with a new method every day. According to a new technique discovered by BlackBerry Cylance, hackers are embedding hidden code in WAV audio files.<\/p>\n<p>In fact, this method closely resembles the science of hiding information that we know as 'steganography'. Hackers use this technique to hide various malware inside a file that looks normal from the outside. As a result, because these files do not appear suspicious, they can pass through a firewall with ease.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/24\/da0f4588161b5ab86569c62fb8ed68d847df571c.jpeg\"\/><\/p>\n<p>Hackers' use of WAV files, however, is a fairly new method. In the past they mostly hid malware in compressed or image files, but according to the discovery made by BlackBerry Cylance, hackers are using WAV files to hide the malware called XMRig. 
The WAV files inject a loader component intended to decode and execute commands so that the malicious code can run. Each WAV file contains a loader component within the file's audio data. When played, some of the WAV files were found to produce normal audio, while others produced only white noise.<\/p>\n<p>The XMRig and Metasploit software that security experts extracted from the WAV files mines cryptocurrency on the victim's computer. Josh Lemos, one of the senior figures at BlackBerry Cylance, said that this is not the first time an audio file has been used for cryptocurrency mining. Attempts of this kind have taken place before as well.<\/p>\n<p>An attempt of this kind was first detected last June. The Russian hacker group Turla was using WAV files to inject malware from its own servers into other computers. This hacker group was also responsible for modifying Chrome and Firefox in order to monitor TLS web traffic.<\/p>\n<p>According to Cylance's statement, however, it would not be right to hold Turla responsible for the attacks that took place this month, because anyone can now carry out this method with similar malicious TTPs and tools. 
In addition, experts noted that steganography is very hard to detect and that one should therefore be careful when downloading any audio file from the internet.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Hackers who want to get hold of people's data and use it to their own advantage turn up with a new method every day &#8230;<\/p>\n","protected":false},"author":1,"featured_media":11283,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[1088,1124,1237,1713],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/11282"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11282"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/11282\/revisions"}],"predecessor-version":[{"id":11284,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/11282\/revisions\/11284"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/11283"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&p
ost=11282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}